Lucene search
Redhat.comRH:CVE-2018-17175HistorySep 20, 2018 - 2:51 p.m.
CVE-2018-17175
2018-09-2014:51:51
redhat.com
access.redhat.com
9
EPSS
0.001
Percentile
43.4%
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema “only” option treats an empty list as implying no “only” option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the “only” option, and there is a user role that produces an empty value for “only”).
Related
cvelist
cvelist
CVE-2018-17175
2018-09-18 17:00:00
osv
osv
CVE-2018-17175
2018-09-18 17:29:01
PYSEC-2018-67
2018-09-18 17:29:00
python-marshmallow-doc-3.20.2-2.2 on GA media
2024-07-12 00:00:00
nessus
nessus
Fedora 28 : python-marshmallow (2018-cc9adc4808)
2019-01-03 00:00:00
Fedora 27 : python-marshmallow (2018-8b109a6de0)
2018-10-11 00:00:00
Fedora 29 : python-marshmallow (2018-9006b64e41)
2019-01-03 00:00:00
ubuntucve
ubuntucve
CVE-2018-17175
2018-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: python-marshmallow-2.11.1-8.fc28
2018-10-10 22:47:00
[SECURITY] Fedora 27 Update: python-marshmallow-2.11.1-8.fc27
2018-10-10 21:55:00
[SECURITY] Fedora 29 Update: python-marshmallow-2.11.1-8.fc29
2018-10-09 00:07:43
mageia
mageia
Updated python-marshmallow packages fix security vulnerability
2019-02-13 14:08:25
nvd
nvd
CVE-2018-17175
2018-09-18 17:29:01
openvas
openvas
Fedora Update for python-marshmallow FEDORA-2018-8b109a6de0
2018-10-11 00:00:00
Mageia: Security Advisory (MGASA-2019-0065)
2022-01-28 00:00:00
Fedora Update for python-marshmallow FEDORA-2018-cc9adc4808
2018-10-11 00:00:00
debiancve
debiancve
CVE-2018-17175
2018-09-18 17:29:01
cve
cve
CVE-2018-17175
2018-09-18 17:29:01
prion
prion
Design/Logic Flaw
2018-09-18 17:29:00
github
github